nas
@@ -160,20 +160,75 @@ let
|
||||
) null config.systemd.tmpfiles.rules;
|
||||
overrideStorePath =
|
||||
if overrideLine != null then lib.last (lib.splitString " " overrideLine) else null;
|
||||
|
||||
# Bootstrap config.php written when the file is absent/empty.
|
||||
# Satisfies Nextcloud's Config.php writeData() guard (needs 'version')
|
||||
# and the setup script's `-s` check (needs non-empty file).
|
||||
# passwordsalt/secret/instanceid are intentionally left empty here —
|
||||
# they must be populated manually or via SOPS before first use.
|
||||
bootstrapConfig = pkgs.writeText "nextcloud-bootstrap-config.php" (
|
||||
"<?php\n"
|
||||
+ "$"
|
||||
+ "CONFIG = [\n"
|
||||
+ " 'installed' => true,\n"
|
||||
+ " 'version' => '${config.services.nextcloud.package.version}',\n"
|
||||
+ " 'datadirectory' => '${cfg.dataDir}/nextcloud/data',\n"
|
||||
+ " 'dbtype' => 'pgsql',\n"
|
||||
+ " 'dbname' => 'nextcloud',\n"
|
||||
+ " 'dbhost' => '/run/postgresql',\n"
|
||||
+ " 'dbuser' => 'nextcloud',\n"
|
||||
+ " 'dbpassword' => "
|
||||
+ "''"
|
||||
+ ",\n"
|
||||
+ " 'instanceid' => "
|
||||
+ "''"
|
||||
+ ",\n"
|
||||
+ " 'passwordsalt' => "
|
||||
+ "''"
|
||||
+ ",\n"
|
||||
+ " 'secret' => "
|
||||
+ "''"
|
||||
+ ",\n"
|
||||
+ "];\n"
|
||||
);
|
||||
in
|
||||
lib.mkIf (overrideStorePath != null) {
|
||||
# systemd-tmpfiles refuses to create the override.config.php symlink because
|
||||
# /media/nas/main is owned by nix-apps (not root/nextcloud), triggering an
|
||||
# "unsafe path transition" error. Work around this by creating the symlink
|
||||
# directly as root (the '+' prefix) before the setup script's ownership check.
|
||||
# The target store path is resolved at Nix eval time so it is always current.
|
||||
# systemd-tmpfiles refuses to create paths under /media/nas/main because
|
||||
# of an "unsafe path transition" (owned by nix-apps, not root/nextcloud).
|
||||
# Work around by creating the required dirs/symlinks as root ('+' prefix)
|
||||
# before the setup script's ownership check runs.
|
||||
ExecStartPre = [
|
||||
(
|
||||
"+"
|
||||
+ pkgs.writeShellScript "nextcloud-fix-override-config" ''
|
||||
dest="${cfg.dataDir}/nextcloud/config/override.config.php"
|
||||
ncdir="${cfg.dataDir}/nextcloud"
|
||||
|
||||
# Ensure required directories exist with correct ownership
|
||||
for dir in "$ncdir" "$ncdir/config" "$ncdir/data" "$ncdir/store-apps"; do
|
||||
if [ ! -d "$dir" ]; then
|
||||
${pkgs.coreutils}/bin/mkdir -p "$dir"
|
||||
fi
|
||||
${pkgs.coreutils}/bin/chown nextcloud:nextcloud "$dir"
|
||||
${pkgs.coreutils}/bin/chmod 0750 "$dir"
|
||||
done
|
||||
|
||||
# override.config.php symlink (updated each generation)
|
||||
dest="$ncdir/config/override.config.php"
|
||||
echo "Creating symlink: $dest -> ${overrideStorePath}"
|
||||
${pkgs.coreutils}/bin/ln -sf "${overrideStorePath}" "$dest"
|
||||
|
||||
# If config.php is absent or empty, copy in a bootstrap stub.
|
||||
# Nextcloud's Config.php writeData() guard requires 'version' in the
|
||||
# merged cache, and the setup script's -s check requires a non-empty
|
||||
# file. The real runtime settings come from override.config.php via
|
||||
# array_replace_recursive; this stub just satisfies those two guards.
|
||||
cfgfile="$ncdir/config/config.php"
|
||||
if [ ! -s "$cfgfile" ]; then
|
||||
echo "Writing bootstrap config.php"
|
||||
${pkgs.coreutils}/bin/cp ${bootstrapConfig} "$cfgfile"
|
||||
${pkgs.coreutils}/bin/chown nextcloud:nextcloud "$cfgfile"
|
||||
${pkgs.coreutils}/bin/chmod 0640 "$cfgfile"
|
||||
fi
|
||||
''
|
||||
)
|
||||
];
|
||||
|
||||
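Review bot: The root-run loop (the `+` prefix) calls `chown` and `chmod` on `$ncdir` and its three subdirectories, and both follow symlinks, so a path swapped for a symlink by a non-root owner of the tree would redirect the ownership and mode change to the link target. The comments say `/media/nas/main` is owned by nix-apps, and after the first run the tree belongs to nextcloud; this is the case the "unsafe path transition" refusal in systemd-tmpfiles guards against, and the workaround drops it without a substitute. Before the `-d` test I would add `if [ -L "$dir" ]; then echo "refusing symlink: $dir" >&2; exit 1; fi`, apply the same check to `$cfgfile` before the `cp`, and use `chown -h` on `$cfgfile`. `ln -sf` should be `ln -sfn`, so that an existing `$dest` that resolves to a directory is replaced rather than entered. Separately, the stub sets `'installed' => true` with empty `secret` and `passwordsalt`, and nothing visible in this hunk stops the service from starting in that state; a comment at the `cp` step naming what populates them (the SOPS template, if that is the mechanism) would help.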